Skip to main content

BreachBits: US oil and gas sector at risk of a cyber breach

Published by
Hydrocarbon Engineering,

The majority of companies across the U.S. oil and gas industry are at risk of a successful cyber breach according to BreachBits, a cyber risk rating and monitoring company that evaluates and tests organizations from a hacker’s perspective to empower them to anticipate attacks. Following an analysis of 98 representative upstream, midstream, downstream and supply chain companies across the energy sector, BreachBits has released their findings in BreachRisk: Energy 2022, a cyber state of the industry study.

“On average, the oil and gas companies we observed were at Medium Risk, with a score of 4.1 out of 10 on our BreachRiskTM scale, but that risk was not distributed evenly across the sector,” said BreachBits CEO and Co-Founder John Lundgren. “Additionally, 11% of the companies presented potentially serious, high-risk threats. We identify and monitor cyber risks at scale as we did here, detect issues and then test them just as a hacker would for our customers.”

The study by BreachBits ranked 59% of companies at medium risk for a cyber breach, 13% at low risk and 28% at very low risk. Other key observations included:

  • 94% of all ransomware threats were held by only 51% of companies.
  • BreachRisk increases for companies with greater than US$50 million in annual recurring revenue.
  • BreachRisk significantly increases for companies with more than 250 employees.

BreachBits, founded by US military cyber warfare veterans, measures an organisation’s BreachRisk as the likelihood of a successful breach against the potential impact to the subject.

“We measure cyber risk based on actual threats and viable attack vectors, not hypothetical ones, and we do that from the hacker’s perspective. That means the risks we identified in this study are the same observations being made by active cyber attackers,” said BreachBits COO and Co-Founder, J. Foster Davis. “What’s different is that we’ve taken those complex assessments and translated them into an easy to understand cyber risk score that everyone from the boardroom to the server room can use to better understand, measure and communicate risk.”

Read the article online at:

You might also like


Embed article link: (copy the HTML code below):